SELinuxDenyPtrace: Write, compile, run, but don't debug applications?
Mark Wielaard
mjw at redhat.com
Thu Apr 12 18:39:42 UTC 2012
On Mon, Apr 09, 2012 at 09:38:40AM -0400, Eric Paris wrote:
> (Think about it a moment. gdb -p is the same as firefox trying to
> ptrace gnome-keyring)
I thought a bit about it. And now I am even more confused :)
It seems you are already not allowed to ptrace gnome-keyring-daemon
(or ssh-agent because that is setuid). So is there a better example
than gnome-keyring or ssh-agent to show why we would like to clobber
ptrace globally?
Thanks,
Mark